Summary: An advanced persistent threat (APT) is a sophisticated, sustained cyberattack in which an intruder establishes an undetected presence in a network in order to steal sensitive data over a long period of time. An APT attack is carefully planned and designed to infiltrate a specific organization, evade existing security measures and fly under the radar. Compared with a traditional attack, executing an APT requires a high degree of customization and sophistication. The attackers are typically well-funded, experienced cybercriminal teams that target high-value organizations and spend significant time and resources researching and identifying vulnerabilities within them. APT goals fall into four broad categories: cyber espionage, including theft of intellectual property or state secrets; eCrime for financial gain; hacktivism; and destruction.

What is an Advanced Persistent Threat?

An advanced persistent threat (APT) is a sophisticated, sustained cyberattack in which an intruder establishes an undetected presence in a network in order to steal sensitive data over a prolonged period of time. An APT attack is carefully planned and designed to infiltrate a specific organization, evade existing security measures and fly under the radar.

Executing an APT attack requires a higher degree of customization and sophistication than a traditional attack. Adversaries are typically well-funded, experienced teams of cybercriminals that target high-value organizations. They’ve spent significant time and resources researching and identifying vulnerabilities within the organization.

The goals of APTs fall into four general categories:

  • Cyber espionage, including theft of intellectual property or state secrets
  • eCrime for financial gain
  • Hacktivism
  • Destruction

What are the 3 Stages of an APT Attack?

To prevent, detect and resolve an APT, you must recognize its characteristics. Most APTs follow the same basic life cycle of infiltrating a network, expanding access and achieving the goal of the attack, which is most commonly stealing data by extracting it from the network.

Stage 1: Infiltration

In the first phase, advanced persistent threats often gain access through social engineering techniques. One indication of an APT is a phishing email that selectively targets high-level individuals like senior executives or technology leaders, often using information obtained from other team members that have already been compromised. Email attacks that target specific individuals are called “spear-phishing.”

The email may seem to come from a team member and include references to an ongoing project. If several executives report being duped by a spear-phishing attack, start looking for other signs of an APT.

Stage 2: Escalation and Lateral Movement

Once initial access has been gained, attackers insert malware into an organization’s network to move to the second phase, expansion. They move laterally to map the network and gather credentials such as account names and passwords in order to access critical business information.

They may also establish a “backdoor” — a scheme that allows them to sneak into the network later to conduct stealth operations. Additional entry points are often established to ensure that the attack can continue if a compromised point is discovered and closed.

Stage 3: Exfiltration

To prepare for the third phase, cybercriminals typically store stolen information in a secure location within the network until enough data has been collected. They then extract, or “exfiltrate” it without detection. They may use tactics like a denial-of-service (DoS) attack to distract the security team and tie up network personnel while the data is being exfiltrated. The network can remain compromised, waiting for the thieves to return at any time.
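As an added illustration of the three stages described above (this is example code written for this page, not CrowdStrike's tooling), the following Python script applies one simple detection rule per stage to constructed log records: a cluster of executive phishing reports inside one time window (Stage 1), a single account logging on to many distinct hosts in a short window (Stage 2), and outbound volume to one external destination far above a host's baseline (Stage 3). The event fields, thresholds, host names, addresses and byte counts are all assumptions made for the example.

```python
"""Added example for this page, not CrowdStrike's code: one rule-based detector
per APT stage, run over constructed (not real) log records."""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=2)  # assumed correlation window for stages 1 and 2


def _ts(s):
    return datetime.fromisoformat(s)


# --- Stage 1: user-reported suspicious emails (constructed; fields assumed) ---
PHISHING_REPORTS = [
    {"ts": "2024-03-01T09:02:00", "reporter": "cfo", "role": "executive", "subject": "Project Falcon budget"},
    {"ts": "2024-03-01T09:15:00", "reporter": "cto", "role": "executive", "subject": "Project Falcon timeline"},
    {"ts": "2024-03-01T09:40:00", "reporter": "intern1", "role": "staff", "subject": "Free lunch"},
    {"ts": "2024-03-01T10:05:00", "reporter": "vp_eng", "role": "executive", "subject": "Project Falcon review"},
]


def spear_phishing_cluster(reports, min_execs=3, window=WINDOW):
    """Executives who reported a suspicious email within one window, if at
    least min_execs did so; otherwise []. Several executives duped at once is
    the cue to start looking for other signs of an APT."""
    execs = sorted((r for r in reports if r["role"] == "executive"), key=lambda r: r["ts"])
    for i, first in enumerate(execs):
        end = _ts(first["ts"]) + window
        group = [r["reporter"] for r in execs[i:] if _ts(r["ts"]) <= end]
        if len(group) >= min_execs:
            return group
    return []


# --- Stage 2: interactive logons (constructed; host and account names assumed) ---
AUTH_EVENTS = [
    {"ts": "2024-03-01T22:01:00", "user": "alice", "dst": "ws-alice"},
    {"ts": "2024-03-01T22:03:00", "user": "svc_backup", "dst": "srv01"},
    {"ts": "2024-03-01T22:09:00", "user": "svc_backup", "dst": "srv02"},
    {"ts": "2024-03-01T22:14:00", "user": "svc_backup", "dst": "srv03"},
    {"ts": "2024-03-01T22:20:00", "user": "svc_backup", "dst": "srv04"},
    {"ts": "2024-03-01T22:31:00", "user": "svc_backup", "dst": "srv05"},
    {"ts": "2024-03-02T08:00:00", "user": "alice", "dst": "ws-alice"},
]


def lateral_movement_accounts(auth_events, min_hosts=4, window=WINDOW):
    """Map account -> sorted distinct hosts for every account that logged on
    to at least min_hosts different hosts inside one window; mapping the
    network with harvested credentials leaves exactly this footprint."""
    by_user = defaultdict(list)
    for e in auth_events:
        by_user[e["user"]].append(e)
    flagged = {}
    for user, events in by_user.items():
        events.sort(key=lambda e: e["ts"])
        for i, first in enumerate(events):
            end = _ts(first["ts"]) + window
            hosts = {e["dst"] for e in events[i:] if _ts(e["ts"]) <= end}
            if len(hosts) >= min_hosts:
                flagged[user] = sorted(hosts)
                break
    return flagged


# --- Stage 3: outbound flows plus a per-host daily baseline (constructed;
# addresses are documentation ranges, byte counts assumed) ---
NETFLOW = [
    {"src": "srv03", "dst": "203.0.113.10", "bytes": 1_500_000_000},
    {"src": "srv03", "dst": "203.0.113.10", "bytes": 2_500_000_000},
    {"src": "srv03", "dst": "198.51.100.5", "bytes": 20_000_000},
    {"src": "ws-alice", "dst": "198.51.100.20", "bytes": 10_000_000},
]
BASELINE_BYTES = {"srv03": 50_000_000, "ws-alice": 30_000_000}


def exfiltration_candidates(flows, baseline, ratio=10):
    """(src, dst, bytes) triples where one host's outbound volume to a single
    destination exceeds ratio x that host's baseline. A host with no baseline
    gets 0, so any outbound traffic from it is surfaced for review."""
    totals = defaultdict(int)
    for f in flows:
        totals[(f["src"], f["dst"])] += f["bytes"]
    return sorted((src, dst, b) for (src, dst), b in totals.items()
                  if b > ratio * baseline.get(src, 0))


if __name__ == "__main__":
    print("stage 1:", spear_phishing_cluster(PHISHING_REPORTS))
    print("stage 2:", lateral_movement_accounts(AUTH_EVENTS))
    print("stage 3:", exfiltration_candidates(NETFLOW, BASELINE_BYTES))
```

Each rule is deliberately coarse: the window sizes, the three-executive and four-host thresholds and the 10x volume ratio are starting points to tune against an environment's own baseline, and the point of running all three together is that a single hit in one stage is weak evidence while correlated hits across stages are the lifecycle the text describes.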

Characteristics of an APT Attack

Since advanced persistent threats use different techniques from ordinary hackers, they leave behind different signs. In addition to spear-phishing campaigns that target organization leaders, symptoms of an advanced persistent threat attack include:

Advanced Persistent Threat Examples

CrowdStrike currently tracks well over 150 adversaries around the world, including nation-states, eCriminals and hacktivists.

Here are some notable examples of APTs detected by CrowdStrike:

How do you Protect Against APT Attacks?

There are many cybersecurity and intelligence solutions available to assist organizations in better protecting against APT attacks. Here are some of the best tactics to employ:

Excerpted from:

What is an Advanced Persistent Threat (APT)? – CrowdStrike

Original article: https://blog.csdn.net/asdcls/article/details/134683359
